Cybercriminals are targeting small businesses with increasingly sophisticated attacks. “Corporate account takeover” is a form of identity theft of a business. Criminals phony emails pretending to be someone you know to trick you into clicking on links or attachments that can lead to malicious software being installed on your computer. Once this happens, they will ask you to enter credentials where they will gain access to your email account. At that point, they will send emails to the bank appearing to be from you to initiate ACH and wire transactions.
Combating corporate account takeover is a shared responsibility between businesses and the bank. Bankers have many safeguards to protect small businesses, but the business needs to do its part to help combat these crimes. Your business should train employees to recognize the warning signs of this fraud, because they are the first line of defense.
Small businesses are popular targets of cybercrime. Business owners are encouraged to minimize their exposure to online threats by educating all of their employees and staying alert for any account or network activity that appears suspicious.
Charlotte State Bank & Trust is offering small businesses these tips to help prevent corporate account takeover:
- Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
- Hire a professional to help protect your online environment. Many small businesses don’t spend money to hire a professional, which is the number one reason they are a target! It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Don’t share passwords and enable two-factor authentication when available.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud. Balance all accounts promptly and report any unauthorized transactions immediately.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.